When you install a fresh instance of WHM/cPanel, it is relatively open and vulnerable. To run a professional hosting operation like Codemoly, you have to move beyond the “default” and enter the world of server hardening.
Level 1: The Firewall (CSF & LFD)
The first line of defense is a properly configured ConfigServer Security & Firewall (CSF). We don’t just “turn it on.” We tune it to:
- Block “port scanning” from malicious bots.
- Detect and ban IP addresses attempting brute-force logins on SSH or FTP.
- Integrate with ModSecurity to filter out common web attacks like SQL injections.
Level 2: Process Isolation (CloudLinux)
In a shared environment, one “bad neighbor” with a leaky script can take down the whole server. I implement CloudLinux to “cage” users (CageFS). This ensures that every account has its own dedicated pool of CPU and RAM, preventing a single site from hogging the server’s resources.
Level 3: SSH & Root Security
The most dangerous entry point is the root login. I secure this by:
- Disabling password-based logins entirely and forcing SSH Key Authentication.
- Changing the default SSH port to avoid automated “script kiddie” attacks.
- Implementing Two-Factor Authentication (2FA) for all administrative accounts.
Infrastructure You Can Trust
Security isn’t an afterthought; it’s a core feature. When I manage your infrastructure, I’m not just keeping the lights on I’m building a fortress around your brand.
